Dropbox runs a binary on your machine; that's enough to suspect them. Stick with an open source password manager and an open sync service (S3 plus a script? Or a third party client like Arq).
Yeah, with Dropbox software running on your machine, you not only have to trust them not to snoop on you, you have to trust their non-auditable code to be ~perfect~ against exploitation by others.
Unless you actually read through and understand your open source alternative line by line you aren't really running anything safer
Of course there is the argument that since it's open source it's safe since someone has "audited" it, but many times that's not true.
And even then unless you spend a lot of time trying to break it so you understand it completely you are way better off just writing your own solution, but that takes time and effort